Can a porn blocker see what I am searching? (a plain-language explanation)
A friend asked me this last week.
"How does Escape know to block porn sites if it can't see what I am searching?"
He was skeptical. Reasonably so. Most apps that block things on your phone do so by sitting in the middle, watching what you do, and stopping the bad stuff. That is how parental control software works. That is how many "porn blocker" apps work. And it is exactly the model that should make you nervous, because if the app can see what you do, then so can the company behind the app, and so can whoever the company sells data to, and so can whoever hacks them next.
Escape does not work that way. None of the well-built iOS blockers do. Here is how it actually works, in plain language.
The mailman analogy
Think of your phone as a house. Your browser is a mailman. Every website you visit is the mailman fetching a letter from somewhere and bringing it back to your house.
A typical "porn blocker" app for Windows works like this. It sits at the front door. The mailman comes in carrying letters. The app reads every letter. If a letter is from a forbidden address, the app rips it up. Otherwise it hands the letter to you.
Notice the problem. The app reads every letter. Including the ones it does not rip up. The app knows everything you read.
That is not how iOS content blockers work.
On iOS, the blocker hands the mailman a list. "Do not bring letters from any of these addresses." Then the blocker leaves. The mailman keeps the list in his pocket. When he is about to deliver a letter, he checks the list. If the address is on it, he leaves the letter at the post office and walks past. If not, he delivers it.
The blocker never sees any letters. Not the blocked ones. Not the delivered ones. The blocker just delivered a list, once, and then went home.
That is the architecture iOS gives developers like me. The list is one way. The blocker hands it to iOS, iOS does the blocking. There is no return channel. There is no "by the way, here is what they tried to visit." iOS does not give that information to anyone. Including me.
This is not a promise. This is how the iOS framework is built. The blocker is sandboxed in a way that makes it physically impossible for the blocker to see what you do.
"But how do you know what to put on the list?"
This is the next question I always get. If I do not see what you visit, how do I know which sites to block?
I do not need to know what you visit. The list is the same for every user. I assembled it once. It contains the addresses of known adult-content sites. About 12,000 of them. The list updates when new sites get reported.
The same list goes to every Escape user. Your phone gets a copy. Your friend's phone gets a copy. Neither copy comes back to me with any information about what you actually browse. The list is identical, pre-built, downloaded once, applied locally.
If you turn off Escape, the list stops being applied. Your phone is unchanged. If you turn it back on, the list is applied again. Nothing about your specific behavior travels anywhere.
What about the apps I block?
If you use the Escape app-blocking feature, you are blocking apps like Instagram or TikTok. iOS calls this Family Controls. The interface looks like a picker. You tap "Block these apps," select Instagram and TikTok, and they go behind a shield screen.
Here is the part that surprises people. The selection you make is stored as encrypted tokens. iOS keeps those tokens. The tokens are meaningful only to your phone. Even Apple cannot tell which apps you picked. Apple designed it that way on purpose.
I, as the developer, receive a token-shaped placeholder when you pick an app. I cannot read the placeholder. It tells me "the user picked something." It does not tell me what. It is mathematically inert outside your phone.
If you blocked Instagram and your friend blocked TikTok, neither I nor anyone else can tell that apart. The selections never leave your devices. Apple's framework refuses to surface them.
I am not just saying this. It is in Apple's official documentation. The Family Controls framework is described in the Apple Developer documentation for any developer who wants to verify. Apple's whole pitch to developers like me is "you can build a parental control feature without seeing the data." That is the contract iOS enforces.
What about my journal and streak?
Escape has a journal feature and a streak counter. Some people use them. The thing you might worry about. The journal is yours. Where is it stored.
It is stored on your phone. In a place iOS calls the app's sandbox. Which is a folder that only Escape can read. Other apps cannot see into the folder. Apple cannot see into the folder. I cannot see into the folder.
If you have iCloud turned on, some of that data may sync between your own Apple devices. From your iPhone to your iPad, for instance. That sync happens through Apple's infrastructure, encrypted by Apple, with keys Apple holds. I am not in the loop. I cannot read your journal because there is no path from your journal to me.
You can verify this yourself with a packet sniffer like Charles Proxy or Little Snitch. The app talks to Apple's servers and one anonymous analytics endpoint in Germany. Nothing else. Your journal never appears in the network traffic. Because it never leaves.
What does Escape know about me, then?
A small list. I will be honest.
I know that you opened the app at some point. Through anonymous analytics from a German service called TelemetryDeck. I do not know your name, your email, your IP address, your device id, or anything else that could identify you. I get aggregate counts. "The user base opened the app 4 times this week on average." Nothing more.
I know if you bought a subscription. Through Apple's StoreKit. Even there, I do not see your name, your email, your Apple ID, or your payment method. Apple gives me a verified receipt. The receipt says "this purchase is real and active." It does not say who you are.
I know that the Safari blocker list was downloaded. Through Apple's content blocker registration. I do not know if it ever blocked anything for you specifically. I just know the list exists on phones somewhere.
That is the entire list of what Escape knows about you. Which is to say, almost nothing.
The "why should I trust you" part
I should not expect you to. I would not expect me to. Trust is earned.
The verifiable things, in order of how much work they take you.
1. Look at the App Store privacy nutrition label. It says Data Not Collected. Apple enforces this. If I were lying, the app would be removed.
2. Read the privacy policy. The full one. With the GDPR carve-outs and the Quebec specifics. It is long because it is honest, not because it is hiding something.
3. Run a packet sniffer. Watch what the app talks to. The traffic is iCloud (your account), the App Store (purchase verification), and one telemetry endpoint in Germany. That is it.
4. Read the Apple framework docs I linked above. The Safari content blocker and Family Controls APIs do not give the developer the kind of access most people assume.
You do not have to trust me. You can verify each of these in an afternoon.
Why this matters now
A few years ago, this question would have been theoretical. Today it is not. Several porn-recovery apps have had public data breaches in the last 18 months. One leaked the personal confessions of hundreds of thousands of users. Another, in an adjacent space, left 5 terabytes of therapy session recordings exposed. The pattern is the same. The app collected sensitive data. The data sat on a server. The server was misconfigured or hacked or sold. The data is now public.
The right answer to "can my porn blocker see what I search" is not "they promise they won't." The right answer is "they architecturally cannot." That is what iOS gives developers who want to build that way. It is the choice I made when I started Escape.
If you want to read more about why I built it without a server, the longer post here covers that. If you want to skip the reading and just try the app, it is on the App Store. No account required. No email collected. Nothing about you leaves your phone.
- Sam
Escape is a Safari content blocker, a 90-second urge ritual, practice games that retrain how you meet an urge, and 27 short courses on identity and the long arc of recovery. No account, no personal tracking.
